Authorization (authZ) without authentication (authN)

Having some trouble with the authorization code flow. Hoping someone could shed some light.

For our use case we manage our own users, and our users can log into our site using our own in-house authentication. When a user logs in we are then trying to SSO the user into a second web site. The second site should be able to access protected services hosted on the first site.

The user would click a link on the first site which takes them to the other site, and that site would use the client ID that we give them to authorize against auth0 to get an access code. At that stage we don’t want to ask the user for any credentials (authN) cause they’ve already logged into the first site.

This is how we make the request to auth0 /authorize endpoint:

https://[name].auth0.com/authorize?response_type=code&client_id=OUR_CLIENT_IDf&launch=MySampleData&redirect_uri=OUR_REDIRECT_URI&state=STATE&scope=SCOPE&prompt=none

In the request above we set prompt=none for silent authorization. The issue is that the auth0 server does not return a code. It says “Failed Silent Auth” with an error message of “Login required”. It seems like auth0 requires authentication to an idp (authz). How does that work in our flow where the user has already logged into our site via our custom in-house login?

Thanks,
Seth

Hello @slenzi,

Welcome to the Community! When you say “our own in house authentication”, do you mean something other than Auth0? Or do you mean you are handling Auth0 authn without using Universal Login?

Something other than auth0.

I am making some assumptions here, so correct me if I am wrong. If you are authenticating users yourself, the only way to use Auth0 to set up an SSO environment is to establish a trust between your own authentication service and Auth0.

For example, if your internal authentication service supports SAML, you could add it to Auth0 as an Enterprise connection, and then your SAML security tokens will work with other Auth0 connected apps.

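Added example, not part of the original thread and not Auth0's code: one way the second site could handle the redirect back from a `prompt=none` request, checking `state` first and treating `login_required` as a signal to retry with an interactive login rather than as a hard failure. The function names, the sample redirect URI and the state value are hypothetical; the error codes are the ones OpenID Connect defines for `prompt=none`.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Error codes OpenID Connect defines for a prompt=none request that cannot
# complete without showing the user a page.
NEEDS_INTERACTION = {"login_required", "consent_required", "interaction_required"}


def build_authorize_url(domain, client_id, redirect_uri, scope, state, silent=True):
    """Build the /authorize request; silent=True adds prompt=none."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    if silent:
        params["prompt"] = "none"
    return f"https://{domain}/authorize?{urlencode(params)}"


def handle_callback(callback_url, expected_state):
    """Classify the redirect back from /authorize (hypothetical helper).

    Returns ("code", value) on success, or ("interactive", error) when the
    authorization server has no usable session for this browser and the
    client should retry without prompt=none. Anything else raises ValueError.
    """
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Bind the response to the request we sent before trusting any parameter.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    error = query.get("error", [None])[0]
    if error in NEEDS_INTERACTION:
        return ("interactive", error)
    if error is not None:
        raise ValueError(f"authorization failed: {error}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no code in response")
    return ("code", code)


# Constructed sample values, not taken from the thread.
STATE = secrets.token_urlsafe(16)
REDIRECT = "https://app2.example/callback"
```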